gLite Logging and Bookkeeping Service
Daemons running
The following daemons need to be running:
- Multiple instances of /usr/bin/glite-lb-bkserverd
- Multiple instances of /usr/bin/glite-lb-interlogd
- /usr/bin/glite-lb-notif-interlogd
- /usr/bin/glite-lb-logd
Init scripts and how to use them
There is a global init script for all gLite services running on the server:
There are also init scripts for individual segments of the L&B event delivery and processing chain:
- /etc/init.d/glite-lb-bkserverd for the L&B server
- /etc/init.d/glite-lb-harvester for the L&B harvester
- /etc/init.d/glite-lb-locallogger for L&B's local logger and interlogger
Location and description of configuration files
Configuration files for the L&B service are:
- /etc/glite-lb/lcas.db defining the location of the lcas plugin
- /etc/glite-lb/log4crc defining the behavior and granularity of log4c logging
- /etc/glite-lb/glite-lb-harvester.conf specifying the configuration of the L&B harvester
- /etc/glite-lb/msg.conf defining the configuration (brokers, permissible topic prefixes, plugin location) for messaging over ActiveMQ
- /etc/glite-lb/glite-lb-authz.conf giving authorization settings for the L&B server
Configuration files added with EMI-2
- /etc/glite-lb/site-notif.conf defining permanent notification registrations to be maintained by the glite-lb-notif-keeper
Configuration files added with EMI-3
- /etc/glite-lb/html-header.html giving an optional style/header for L&B's HTML output
Location and description of log files.
All logging information for L&B is found in:
Log messages follow the common log format.
Open ports
- 2170: standard BDII
- 9000: job status and logging-info queries
- 9001: event gathering from LB loggers (WMS, CE)
- 9002: local logger listening
- 9003: WS client queries
Description of existing cron jobs
- glite-lb-purge.cron: ensures regular purging of old jobs
- locallogger.cron: ensures reloading of CRLs by the interlogger
- bdii-proxy: BDII proxy
- fetch-crl: keeps CRLs up-to-date
- glite-lb-notif-keeper: maintains site-specific notification registrations
Description of existing utility scripts
- /usr/bin/glite-lb-dump used to dump the contents of the L&B database for a given period of time
- /usr/bin/glite-lb-load used to load events dumped with /usr/bin/glite-lb-dump
- /usr/bin/glite-lb-purge used to purge jobs from the L&B database
Security information
Access control Mechanism description (authentication & authorization)
The authentication method is based on trusted digital certificates. Depending on the server configuration and the action requested, users may be required to present VOMS attributes in their proxy certificates.
L&B version 3.0 server introduces new authorization features, controlled through the config file /etc/glite-lb/glite-lb-authz.conf
How to block/ban a user
Banning individual users isn't possible in LB.
Network Usage
By default the L&B server listens on port 9000 for incoming queries, 9001 for events, and 9003 for WS interface queries. The glite-lb-logd daemon listens on port 9002.
L&B proxy communicates over two UNIX sockets: /tmp/lb_proxy_server.sock (queries) and /tmp/lb_proxy_store.sock (incoming events).
Firewall configuration
The firewall configuration should allow access to these ports:
- 9000/TCP, 9001/TCP and 9003/TCP.
- 2170/TCP for the resource BDII service.
Security recommendations
None
Security incompatibilities
None currently known
Change of certificates
cp /etc/grid-security/hostcert.pem ~glite/.certs/
cp /etc/grid-security/hostkey.pem ~glite/.certs/
chown glite:glite ~glite/.certs/host*.pem
/etc/init.d/glite-lb-bkserverd restart
/etc/init.d/glite-lb-locallogger restart
Note that the glite user and its home directory are created in the post-installation scripts of glite-lb-server, glite-lb-logger, glite-lb-harvester or glite-px-proxyrenewal. The home directory location was changed in EMI, but it remains the same across upgrades.
Home directory locations for the glite user can be:
- /home/glite (in pre-EMI or glite user created by yaim before installation of L&B and later upgrades)
- /var/glite (in EMI-2 and later upgrades)
- /var/lib/glite (in EMI-3)
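A post-change check for the certificate procedure above, as an added example that is not part of the original page or of L&B: it confirms that the copies under ~glite/.certs/ match the files in /etc/grid-security/, that the key copy is readable by its owner only, and that both copies belong to the glite user. The function names, the output labels and the 400/600 mode policy are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of L&B). Usage, as root, after the copy:
#   sh verify-lb-creds.sh /etc/grid-security ~glite/.certs glite
# The script name is hypothetical; ~glite expands to the glite user's home.

# file_digest FILE: print the SHA-256 hex digest of FILE (GNU coreutils).
file_digest() {
    sha256sum "$1" 2>/dev/null | cut -d' ' -f1
}

# verify_host_creds SRC_DIR DST_DIR [OWNER]
# Returns 0 when DST_DIR holds byte-identical copies of SRC_DIR's hostcert.pem
# and hostkey.pem, the key copy has mode 400 or 600 (assumed policy), and, if
# OWNER is given, both copies belong to OWNER. Prints one line per problem.
verify_host_creds() {
    src=$1; dst=$2; owner=${3:-}; rc=0
    for f in hostcert.pem hostkey.pem; do
        if [ ! -f "$dst/$f" ]; then
            echo "MISSING $dst/$f"; rc=1; continue
        fi
        # An unreadable source or a differing copy both count as not installed.
        want=$(file_digest "$src/$f"); have=$(file_digest "$dst/$f")
        if [ -z "$want" ] || [ "$want" != "$have" ]; then
            echo "STALE $dst/$f differs from $src/$f"; rc=1
        fi
        if [ -n "$owner" ] && [ "$(stat -c %U "$dst/$f")" != "$owner" ]; then
            echo "OWNER $dst/$f is not owned by $owner"; rc=1
        fi
    done
    if [ -f "$dst/hostkey.pem" ]; then
        mode=$(stat -c %a "$dst/hostkey.pem")
        case $mode in
            400|600) ;;
            *) echo "MODE $dst/hostkey.pem is $mode, expected 400 or 600"; rc=1 ;;
        esac
    fi
    return "$rc"
}

# Run the check only when invoked with arguments.
if [ "$#" -ge 2 ]; then
    verify_host_creds "$@"
fi
```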
List of external packages that are not maintained by the supported OS
None at installation/runtime
--
ZdenekSustr - 19-Apr-2011